More Data Integrity from WHO and FDA; GCP and GMP Both

December 27, 2016

New data integrity concerns are raised by WHO and by FDA in the areas of GCP and GMP. Once again the enforcement actions reinforce the concept that sponsors and contract givers are accountable for the actions of those with whom they contract. Failure to conduct adequate due diligence, site qualification or provide adequate ongoing oversight of contract organization can have significant negative consequences as seen in these actions. Also, regulators could deem that the contract giver is also at fault for not performing adequate due diligence in contractor selection or in not performing adequate oversite and take an enforcement action. Let’s see if that starts to happen.

The three items are covered below:

WHO Notice of Concern for GCP/GLP: In a recent blog entrywe addressed Semler Research’s receipt of an FDA untitled letter on April 19, 2016 for conduct of BA/BE studies. WHO issued a Notice of Concern to Semler Research on April 12, 2016. Two WHO inspections were conducted in January 2015 and December 2015. FDA’s inspection ended October 9, 2015. It would be interesting to know whether the FDA inspection prompted WHO to re-evaluate the site. WHO mentions that this Notice of Concern addresses products from Lupin, Strides Ltd, Micro Labs and Mylan.

UPDATE 4/29/2016:

And now EMA is now taking action regarding Semler Research. On the request of several member states, the EMA is now going to review products that are approved based on data from Semler Research and determine if any additional actions need to be taken.

FDA Warning Letter for GCP Concerns: FDA continues to place more and more emphasis on data integrity in Bioresearch Monitoring (BIMO) Inspections. See also a recent blog entry regarding a flurry of global enforcement actions in this area. On April 26, 2016 FDA posted a warning letter dated March 29, 2016 issued to Benedict S. Liao MD based on outcome of an inspection ending September 29, 2015. The clinical investigator was cited for failure to follow protocol, failure to maintain accurate case histories, and failure to maintain adequate records of drug disposition and inventory. Several times the letter states “Your failure to maintain adequate and accurate … records compromises the validity and integrity of the data at your site.” Also “Your failure to maintain adequate and accurate case histories jeopardizes subject safety and welfare, and compromises the validity and integrity of data captured at your site.” The FDA deemed the responses to the form 483 inadequate because supporting information was not submitted and the responses lacked corrective action plans that would prevent recurrence of these problems.

FDA Warning Letter for GMP Data Integrity Shortcomings at an API Manufacturer in India: Polydrug Laboratories Pvt. Ltd. located in Mumbai, India received a warning letter dated April 14, 2016 based on the outcome of an inspection ending March 23, 2015. The firm manufactures APIs and was placed on import alert on September 11, 2015. This makes a total of 8 warning letters issued to firms in India this FDA fiscal year and all cite data integrity concerns. It also continues the trend where drug GMP warning letters are issued more than a year after the inspection in question. (HERE). The Slovenia authorities in the EMA issued a report of GMP non-compliance regarding this site based on an inspection in June 2015. The EMA inspection identified seventeen (17) deficiencies, five (5) of which were major including significant problems in the area of data integrity. And finally, Health Canada took action against the firm in June 2015, probably based on information from the US and EMA inspections. Note the apparent collaboration and communication among the major regulatory authorities, so a firm that is addressing enforcement actions from one regulator will likely soon be addressing actions from several authorities.

FDA identifies specific actions and information that must be provided for each of the deficiencies identified in the warning letter along with another list of information that must be provided at the end of the letter. This is the most extensive listing of information that I’ve seen FDA request in a company response to a warning letter.

The deficiencies in the warning letter include but are not limited to:

Failure to adequately investigate customer complaints regarding the presence of foreign particles including hair, googles, a scoop and an insect. Further FDA found a torn sheet of ‘customer complaints’ on the warehouse floor and when it was compared to the official complaint list the official list appeared incomplete. Although the complaints were not from US customers, they were made with shared equipment and thus could impact US product. FDA asks the firm to provide:

a summary of your investigations of all complaints received since 2012, noting whether each complaint is logged in your official complaint log and including root cause determinations and CAPA

your improved complaint handling procedure and details of any further controls implemented to ensure that all complaints are logged, documented, and promptly investigated

The inspector found a torn page from a batch production record and when compared to the completed batch record and the discarded page differences were clearly evident. This event was not investigated, nor was a satisfactory response provided for why it happened. FDA asks the firm to provide:

a summary of your retrospective investigation of the duplicate batch production records for lot (b)(4)

a retrospective review of all batch production records for lots within expiry, including an evaluation of the effect of any discrepancies on API batch quality

your CAPA plan describing actions and controls to ensure accuracy and retention of all records including original batch production records

documentation that your employees are adequately trained to complete batch production records contemporaneously and accurately, to investigate production record discrepancies, and to understand the connection between accurate recordkeeping and product quality

The computer system for entering test results and storing Certificates of Analysis was deficient because it did not have sufficient controls in place to prevent modification of Quality approved results. FDA asks the firm to provide:

a CAPA plan for controlling access to computer systems for all laboratory and manufacturing records and equipment

your firm’s plan to establish, issue, and strictly control access to your manufacturing and laboratory systems

a detailed summary of your steps to train personnel on the proper use of computerized systems

Failure to adequately manage OOS events and invalidation of assay results. The FDA asks the firm to provide:

an evaluation of all laboratory methods to determine their suitabitily and copies of all validation reports for methods you will continue to use

an action plan to replace any method found to be unsuitable for its intended use

all original and retest results for moisture content for all API lots within expiry and distributed since 2012

your actions to ensure all laboratory discrepancies, including any OOS or “invalid” results for any API lot within expiry, have been fully documented, investigated, and resolved

your actions to ensure that any future laboratory discrepancies, including OOS or “invalid” results, will be adequately documented and resolved prior to API release for distribution

And finally, at the end of the letter the FDA asks for the following information to be provided in the firm’s response to the warning letter:

1. A comprehensive investigation into the extent of the inaccuracies in data, records and reporting. Your investigation should include:

A detailed investigation protocol and methodology; a summary of all laboratories, manufacturing operations, and systems to be covered by the assessment; and a justification for any part of your operation that you propose to exclude.

Interviews of current and former employees to identify the nature, scope, and root cause of data inaccuracies. We recommend that these interviews be conducted by a qualified third party.

An assessment of the extent of data integrity deficiencies at your facility. Identify omissions, alterations, deletions, record destruction, non-contemporaneous record completion, and other deficiencies. Describe all parts of your facility’s operations in which you discovered data integrity lapses.

2. A current risk assessment of the potential effects of the observed failures on the quality of your drugs. Your assessment should include analyses of the risks to patients caused by the release of drugs affected by a lapse of data integrity, and risks posed by ongoing operations.

3. A management strategy for your firm that includes the details of your global corrective action and preventive action plan. Your strategy should include:

A detailed corrective action plan that describes how you intend to ensure the reliability and completeness of all of your firm’s data.

A comprehensive description of the root causes of your data inaccuracies, including evidence that the scope and depth of the current action plan is commensurate with the findings of the investigation and risk assessment.

Interim measures describing the actions you have taken or will take to ensure the quality of your drugs, such as notifying your customers, conducting additional testing, recalling product, adding lots to your stability programs to assure stability, and enhanced complaint monitoring.

Completion of these requirements will be labor intensive and will not be accomplished quickly. Their listing does, however, serve as a roadmap to firms who are looking to strengthen their programs in the area of data management and data integrity. Considering these topics in a proactive manner will be far less costly than waiting for a regulatory agency enforcement action.

Get a Free Sample of Warning Letter Deficiencies "Data Integrity", newly published BLOG items and updates on additions to our store.